And it's all on you

> -----Original Message-----
> From: It's The Zoooomer [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, January 27, 2000 3:22 PM
> To:   Bennett Todd; Shawn Savadkohi
> Cc:   [EMAIL PROTECTED]
> Subject:      Re: Hey, I DON'T WANT a firewall in front of my network!
> 
> Not to mention the time taken to rebuild everything
> that the hacker went in and changed so it doesn't
> happen again. So basically IT DOES come down to MONEY,
> TIME, EFFORT...
> 
>                             Robert
> You can pay a little now or a lot later.
> 
> --- Bennett Todd <[EMAIL PROTECTED]> wrote:
> > An interesting topic indeed.
> > 
> > I'd say the first step is a security policy. If you don't have one,
> > you need one (this is my standing battle cry).
> > 
> > Make the definition of the security policy the battle ground for
> > this issue. The security policy should describe what resources need
> > protecting, against what threats, and mandate requirements (possibly
> > including firewalls) that follow logically from the resources and
> > threats.
> > 
> > But that's just setting a sound structure for the debate, it doesn't
> > actually address your question.
> > 
> > If you've described resources that need protecting, and threats they
> > need protecting against, and the manager still doesn't buy into your
> > proposed solution, then either you need a more flexible solution
> > (e.g. protect critical servers with a different, tighter policy from
> > the one you inflict on desktop clients --- which may also require
> > protecting them _against_ the vulnerable desktops) or else they're
> > ignoring the problem. In that latter case what I like doing is
> > demonstrating the problem. Come up with a clear threat, fantasize a
> > plausible attacker, describe the scenario in detail, then offer to
> > demonstrate the practicality and effects of the attack by running
> > it (with prior agreement, at a scheduled time). If they insist on
> > continuing to ignore the threat, and refuse to let you demonstrate
> > it, then back off. Carry out these negotiations in email and keep
> > file copies, and then when they get burgled you can document that
> > the manager deliberately chose to let it happen.
> > 
> > If that last bit (let 'em hang) is unacceptable to you, your choices
> > reduce to trying to go over the head of the recalcitrant manager, or
> > finding another job.
> > 
> > -Bennett
> > 
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
